remove duplicated test cases from ReDoS, and adjust variables names to match test output

erik-krogh · erik-krogh · commit c4153a617e11 · 2020-11-18T14:49:09.000+01:00
diff --git a/javascript/ql/src/Performance/ReDoS.ql b/javascript/ql/src/Performance/ReDoS.ql
@@ -306,7 +306,7 @@ private module CharacterClasses {
    * Gets a char that could be matched by a regular expression.
    * Includes all printable ascii chars, all constants mentioned in a regexp, and all chars matches by the regexp `/\s|\d|\w/`.
    */
-  private string getARelevantChar() {
+  string getARelevantChar() {
     exists(ascii(result))
     or
     exists(RegexpCharacterConstant c | result = c.getValue().charAt(_))
diff --git a/javascript/ql/test/query-tests/Performance/ReDoS/PolynomialBackTracking.expected b/javascript/ql/test/query-tests/Performance/ReDoS/PolynomialBackTracking.expected
@@ -181,8 +181,8 @@
 | regexplib/uri.js:59:2:59:13 | [a-zA-Z]{3,} | it can start matching anywhere |
 | regexplib/uri.js:64:31:64:36 | [\\w-]+ | it can start matching anywhere after the start of the preceeding '[\\w-\\s]*' |
 | regexplib/uri.js:73:2:73:4 | .*? | it can start matching anywhere |
-| tst.js:14:13:14:18 | (.*,)+ | it can start matching anywhere |
-| tst.js:14:14:14:15 | .* | it can start matching anywhere |
+| tst.js:14:14:14:19 | (.*,)+ | it can start matching anywhere |
+| tst.js:14:15:14:16 | .* | it can start matching anywhere |
 | tst.js:47:15:47:37 | (?:[^"']\|".*?"\|'.*?')*? | it can start matching anywhere |
 | tst.js:47:25:47:27 | .*? | it can start matching anywhere after the start of the preceeding '"' |
 | tst.js:47:31:47:33 | .*? | it can start matching anywhere after the start of the preceeding ''' |
@@ -247,24 +247,21 @@
 | tst.js:224:16:224:23 | ([^X]b)+ | it can start matching anywhere |
 | tst.js:227:14:227:24 | (([^X]b)+)* | it can start matching anywhere |
 | tst.js:227:15:227:22 | ([^X]b)+ | it can start matching anywhere |
-| tst.js:230:15:230:20 | (.*,)+ | it can start matching anywhere |
-| tst.js:230:16:230:17 | .* | it can start matching anywhere |
+| tst.js:230:15:230:22 | ((ab)+)* | it can start matching anywhere |
+| tst.js:230:16:230:20 | (ab)+ | it can start matching anywhere |
 | tst.js:233:15:233:22 | ((ab)+)* | it can start matching anywhere |
 | tst.js:233:16:233:20 | (ab)+ | it can start matching anywhere |
-| tst.js:236:15:236:22 | ((ab)+)* | it can start matching anywhere |
-| tst.js:236:16:236:20 | (ab)+ | it can start matching anywhere |
-| tst.js:242:14:242:21 | ((ab)+)* | it can start matching anywhere |
-| tst.js:242:15:242:19 | (ab)+ | it can start matching anywhere |
-| tst.js:245:15:245:22 | ((ab)+)* | it can start matching anywhere |
-| tst.js:245:16:245:20 | (ab)+ | it can start matching anywhere |
-| tst.js:248:14:248:23 | ([\\n\\s]+)* | it can start matching anywhere |
-| tst.js:248:15:248:21 | [\\n\\s]+ | it can start matching anywhere |
-| tst.js:251:16:251:17 | A* | it can start matching anywhere |
-| tst.js:251:18:251:19 | A* | it can start matching anywhere |
-| tst.js:251:18:251:19 | A* | it can start matching anywhere after the start of the preceeding 'A*' |
-| tst.js:260:14:260:21 | (\\n\\s*)+ | it can start matching anywhere |
-| tst.js:266:14:266:91 | (\\w*foobarbaz\\w*foobarbaz\\w*foobarbaz\\w*foobarbaz\\s*foobarbaz\\d*foobarbaz\\w*)+ | it can start matching anywhere |
-| tst.js:266:15:266:17 | \\w* | it can start matching anywhere |
-| tst.js:269:14:269:116 | (.thisisagoddamnlongstringforstresstestingthequery\|\\sthisisagoddamnlongstringforstresstestingthequery)* | it can start matching anywhere |
-| tst.js:272:14:272:77 | (thisisagoddamnlongstringforstresstestingthequery\|this\\w+query)* | it can start matching anywhere |
-| tst.js:275:15:275:117 | (thisisagoddamnlongstringforstresstestingthequery\|imanotherbutunrelatedstringcomparedtotheotherstring)* | it can start matching anywhere |
+| tst.js:239:14:239:21 | ((ab)+)* | it can start matching anywhere |
+| tst.js:239:15:239:19 | (ab)+ | it can start matching anywhere |
+| tst.js:242:15:242:22 | ((ab)+)* | it can start matching anywhere |
+| tst.js:242:16:242:20 | (ab)+ | it can start matching anywhere |
+| tst.js:245:14:245:23 | ([\\n\\s]+)* | it can start matching anywhere |
+| tst.js:245:15:245:21 | [\\n\\s]+ | it can start matching anywhere |
+| tst.js:248:16:248:17 | A* | it can start matching anywhere |
+| tst.js:248:18:248:19 | A* | it can start matching anywhere |
+| tst.js:248:18:248:19 | A* | it can start matching anywhere after the start of the preceeding 'A*' |
+| tst.js:254:14:254:91 | (\\w*foobarbaz\\w*foobarbaz\\w*foobarbaz\\w*foobarbaz\\s*foobarbaz\\d*foobarbaz\\w*)+ | it can start matching anywhere |
+| tst.js:254:15:254:17 | \\w* | it can start matching anywhere |
+| tst.js:257:14:257:116 | (.thisisagoddamnlongstringforstresstestingthequery\|\\sthisisagoddamnlongstringforstresstestingthequery)* | it can start matching anywhere |
+| tst.js:260:14:260:77 | (thisisagoddamnlongstringforstresstestingthequery\|this\\w+query)* | it can start matching anywhere |
+| tst.js:263:15:263:117 | (thisisagoddamnlongstringforstresstestingthequery\|imanotherbutunrelatedstringcomparedtotheotherstring)* | it can start matching anywhere |
diff --git a/javascript/ql/test/query-tests/Performance/ReDoS/ReDoS.expected b/javascript/ql/test/query-tests/Performance/ReDoS/ReDoS.expected
@@ -108,11 +108,8 @@
 | tst.js:218:15:218:19 | [^X]+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'W'. |
 | tst.js:221:20:221:20 | b | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'bW'. |
 | tst.js:227:20:227:20 | b | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'bW'. |
-| tst.js:242:16:242:17 | ab | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'ab'. |
-| tst.js:248:15:248:21 | [\\n\\s]+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\\n'. |
-| tst.js:254:17:254:21 | [^>]+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '='. |
-| tst.js:257:16:257:21 | [^>a]+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '='. |
-| tst.js:260:17:260:19 | \\s* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\\n'. |
-| tst.js:266:87:266:89 | \\w* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '0foobarbazfoobarbazfoobarbazfoobarbazfoobarbazfoobarbaz'. |
-| tst.js:269:14:269:116 | (.thisisagoddamnlongstringforstresstestingthequery\|\\sthisisagoddamnlongstringforstresstestingthequery)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of ' thisisagoddamnlongstringforstresstestingthequery'. |
-| tst.js:272:14:272:77 | (thisisagoddamnlongstringforstresstestingthequery\|this\\w+query)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'thisisagoddamnlongstringforstresstestingthequery'. |
+| tst.js:239:16:239:17 | ab | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'ab'. |
+| tst.js:245:15:245:21 | [\\n\\s]+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\\n'. |
+| tst.js:254:87:254:89 | \\w* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '0foobarbazfoobarbazfoobarbazfoobarbazfoobarbazfoobarbaz'. |
+| tst.js:257:14:257:116 | (.thisisagoddamnlongstringforstresstestingthequery\|\\sthisisagoddamnlongstringforstresstestingthequery)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of ' thisisagoddamnlongstringforstresstestingthequery'. |
+| tst.js:260:14:260:77 | (thisisagoddamnlongstringforstresstestingthequery\|this\\w+query)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'thisisagoddamnlongstringforstresstestingthequery'. |
diff --git a/javascript/ql/test/query-tests/Performance/ReDoS/tst.js b/javascript/ql/test/query-tests/Performance/ReDoS/tst.js
@@ -11,12 +11,12 @@ var good1 = /^\b_((?:__|[^_])+?)_\b|^\*((?:\*\*|[^*])+?)\*(?!\*)/;
 // GOOD - there is no witness in the end that could cause the regexp to not match
 // Adapted from brace-expansion (https://github.com/juliangruber/brace-expansion),
 // which is licensed under the MIT license; see file brace-expansion-LICENSE.
-var bad2 = /(.*,)+.+/;
+var good2 = /(.*,)+.+/;
 
 // NOT GOOD; attack: " '" + "\\\\".repeat(100)
 // Adapted from CodeMirror (https://github.com/codemirror/codemirror),
 // which is licensed under the MIT license; see file CodeMirror-LICENSE.
-var bad3 = /^(?:\s+(?:"(?:[^"\\]|\\\\|\\.)+"|'(?:[^'\\]|\\\\|\\.)+'|\((?:[^)\\]|\\\\|\\.)+\)))?/;
+var bad2 = /^(?:\s+(?:"(?:[^"\\]|\\\\|\\.)+"|'(?:[^'\\]|\\\\|\\.)+'|\((?:[^)\\]|\\\\|\\.)+\)))?/;
 
 // GOOD
 // Adapted from lulucms2 (https://github.com/yiifans/lulucms2).
@@ -95,7 +95,7 @@ var good9 = '(a|aa?)*b';
 var bad18 = /(([^]|[^a])*)"/;
 
 // GOOD - there is no witness in the end that could cause the regexp to not match
-var bad19 = /([^"']+)*/g;
+var good10 = /([^"']+)*/g;
 
 // NOT GOOD
 var bad20 = /((.|[^a])*)"/;
@@ -226,9 +226,6 @@ var good18 = /(([^X]b)+)*($|[^X]b)/;
 // NOT GOOD
 var bad54 = /(([^X]b)+)*($|[^X]c)/;
 
-// GOOD
-var good19 = /(.*,)+.+/;
-
 // GOOD
 var good20 = /((ab)+)*ababab/;
 
@@ -250,15 +247,6 @@ var bad56 = /([\n\s]+)*(.)/;
 // GOOD - any witness passes through the accept state.
 var good24 = /(A*A*X)*/;
 
-// GOOD - but still flagged (always matches something)
-var good25 = /^([^>]+)*(>|$)/;
-
-// NOT GOOD
-var bad57 = /^([^>a]+)*(>|$)/;
-
-// NOT GOOD
-var bad58 = /(\n\s*)+$/;
-
 // GOOD
 var good26 = /([^\\\]]+)*/
 
